DETAILED ACTION 

1. The reply filed June 14, 2007, has been received and entered. Claims 6-11 are pending. 

Response to Amendment 

2. Applicant's submission of replacement drawings and amendments to the specification 
appropriately address the objections to the drawings and specification as detailed in the previous 
Office action, and accordingly, these objections are withdrawn. 

Terminal Disclaimer 

3. The terminal disclaimer filed on June 14, 2007, disclaiming the terminal portion of any 
patent granted on this application which would extend beyond the expiration date of any patent 
granted on Application Number 10/825,007 has been reviewed and is accepted. The terminal 
disclaimer has been recorded. 

Response to Arguments 

4. Applicant's arguments with respect to claims 1-5 have been considered but are moot in 
view of the cancellation of claims 1-5 and in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC §102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

6. Claims 6, 7, 9, and 10 are rejected under 35 U.S.C. 102(b) as being anticipated by Matt 
Bishop and Michael Dilger, "Checking for Race Conditions in File Accesses," 1996, Computing 
Systems 9(2), pp. 131-152 (manuscript version; 20 pages) ("Bishop 1996"). 

Regarding claim 6, Bishop 1996 discloses: 

executing computer instructions to analyze the source code listing to create computer 
models of said control flow to indicate the run-time sequence in which routine calls will be 
invoked and to create computer models of said arguments for the routine calls (see, e.g., 
Bishop 1996 at p. 10, paragraph 2); 

executing computer instructions to use said computer models of said control flow in order 
to determine a run-time sequence of execution of a pair of routine calls, said pair of routine calls 
having a first routine call and second routine call in which execution of the first routine call 
precedes execution of said second routine call (see, e.g., Bishop 1996 at p. 6, paragraphs 2-4 
(describing intervals and a semantic characterization of TOCTTOU binding flaws and race 
conditions); p. 10, paragraph 2 (describing static analysis including control flow and data flow)); 

executing computer instructions to determine if a second routine to be executed has an 
argument referring to a file that is also referred to by an argument of the first routine to be 
executed and if so to identify said sequence as a race condition vulnerability (see, e.g., 
Bishop 1996 at p. 7, last paragraph, continuing onto p. 8; p. 9, last paragraph, continuing onto p. 
10); 

generating a report that is viewable by a user and that identifies the race condition 
vulnerabilities, so the user may modify the source code listing to address the vulnerability if 
desired (see, e.g., Bishop 1996 at pp. 16-17 (Appendix 1. Analyzer Output)). 

Regarding claim 7, Bishop 1996 further discloses: 

the act of executing computer instructions to analyze the source code listing to create 
computer models of said data flow to indicate the run-time transformations of operand values 
and including the act of using data flow models to resolve the expression-references and 
operand-references to computer files in the first and second routine calls to detect whether both 
routines refer to the same computer file (see, e.g., Bishop 1996 at p. 10, paragraph 2). 
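
As an added illustration (not part of the Office action and not code from Bishop 1996), the analysis recited for claims 6 and 7 can be sketched over Python source: a check call followed by a use call whose file arguments resolve to the same reference is reported. Source order within one function stands in for the control-flow model, and the `CHECKS`/`USES` name sets, `resolve` and `find_tocttou` are assumptions of this sketch.

```python
import ast

CHECKS = {"access", "stat", "lstat", "exists"}          # "time of check" routines
USES = {"open", "chmod", "chown", "remove", "rename"}   # "time of use" routines

def call_name(call):
    f = call.func
    return f.attr if isinstance(f, ast.Attribute) else getattr(f, "id", None)

def resolve(node, env):
    """Minimal data-flow model: map an argument to a literal path or a symbol."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value                        # literal path
    if isinstance(node, ast.Name):
        return env.get(node.id, "$" + node.id)   # tracked value, else symbolic name
    return None                                  # anything else is not modelled

def find_tocttou(source):
    """Return (function, file_ref, check, check_line, use, use_line) tuples."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, ast.FunctionDef):
            continue
        nodes = [n for n in ast.walk(func) if isinstance(n, (ast.Assign, ast.Call))]
        nodes.sort(key=lambda n: (n.lineno, n.col_offset))  # source order ~ run order
        env, checked = {}, {}
        for n in nodes:
            if isinstance(n, ast.Assign):
                if len(n.targets) == 1 and isinstance(n.targets[0], ast.Name):
                    env[n.targets[0].id] = resolve(n.value, env)  # track aliases
                continue
            ref = resolve(n.args[0], env) if n.args else None
            if ref is None:
                continue
            name = call_name(n)
            if name in CHECKS:
                checked.setdefault(ref, (name, n.lineno))
            elif name in USES and ref in checked:
                findings.append((func.name, ref, *checked[ref], name, n.lineno))
    return findings

# Constructed sample input: one check/use pair on the same file via an alias,
# and one pair of calls that refer to different files.
SAMPLE = '''
import os

def save_report(path, data):
    target = path
    if os.access(path, os.W_OK):
        with open(target, "w") as fh:
            fh.write(data)

def unrelated(path, other):
    if os.access(path, os.R_OK):
        return open(other).read()
'''

if __name__ == "__main__":
    for finding in find_tocttou(SAMPLE):
        print("possible TOCTTOU:", finding)
```

The usual remediation for a reported pair is to drop the separate check, open the file once, and query the resulting descriptor (for example with `os.fstat`).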

Regarding claims 9 and 10, these are computer-readable media substantially paralleling 
the methods discussed above (claims 6 and 7). The use of such computer-readable media is 
inherent in the software-implemented system of Bishop 1996 (see, e.g., Bishop 1996 at section 4 
(pp. 9-11); pp. 16-17 (Appendix 1. Analyzer Output)), and all other limitations have been 
addressed as set forth above. 

Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

8. Claims 8 and 11 are rejected under 35 U.S.C. 103(a) as being unpatentable over Matt 
Bishop and Michael Dilger, "Checking for Race Conditions in File Accesses," 1996, Computing 
Systems 9(2), pp. 131-152 (manuscript version; 20 pages) ("Bishop 1996") in view of Jong-Deok 
Choi, et al., "Static Datarace Analysis for Multithreaded Object-Oriented Programs," August 9, 
2001, IBM, RC22146 (W0108-016), pp. 1-18 ("J-D2001"). 

Regarding claims 8 and 11, Bishop 1996 further discloses the control flow model being a 
control flow graph (see, e.g., Bishop 1996 at p. 10, paragraph 2), but fails to expressly disclose 
traversing the control flow graph backwards in order to determine the sequential relationship 
among routine calls in the source code listing. However, J-D2001 teaches, as part of a system 
for modeling the control flow and data flow of a program for software vulnerability (specifically, 
race conditions or "dataraces") detection (see, e.g., J-D2001 at p. 1, col. 1, paragraphs 1-2), such 
backwards (depth-first) traversing of a control flow graph in order to determine the sequential 
relationship among routine calls in the source code listing (see, e.g., J-D2001 at p. 13, col. 1, 
paragraphs 3-4). Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to incorporate such backward traversing of a control flow graph as 
a known means of efficiently processing control flow information. 

Conclusion 

9. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. The Rioux patent describes modeling of control flow and data flow for software 
vulnerability analysis (see, e.g., Rioux at col. 2, lines 41-53). 

10. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

11. Any inquiry concerning this communication or earlier communications from the 
Examiner should be directed to Eric B. Kiss whose telephone number is (571) 272-3699. The 
Examiner can normally be reached on Tue. - Fri., 7:00 am - 4:30 pm. The Examiner can also be 
reached on alternate Mondays. 

If attempts to reach the Examiner by telephone are unsuccessful, the Examiner's 
supervisor, Tuan Dam, can be reached on (571) 272-3695. The fax phone number for the 
organization where this application or proceeding is assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Any inquiry of a general nature should be directed to the TC 2100 Group receptionist: 
571-272-2100. 




Eric B. Kiss 
August 22, 2007 



